Data management in electronic devices (e.g., computing devices) is evolving towards a more distributed architecture. For example, while data was traditionally stored in persistent memory local to device, data may now be remotely-stored in a remote resource. An example remote resource may be a cloud-based computing solution comprising at least one computing device (e.g., a server) accessible via a wide-area network (WAN) such as the Internet. There are a variety of benefits that may be realized when using remotely-stored data architectures. For example, data may be accessible not only to the device that generated the data, but also to other devices (e.g., mobile computing devices, mobile communication devices, etc.) that may benefit from being able to access the data regardless of location. The other devices may access data on the remote resource via wired or wireless connections to the Internet. Moreover, remotely-stored data may be much more tolerant of catastrophic events such as fires, weather emergencies, power outages, etc., since cloud-based resources are often built to account for such events with more substantial event protection, backup resources, etc.
While the benefits of remotely-stored data may be apparent, there are also some risks. For example, users storing a variety of data (e.g., that may comprise confidential information) in a single location presents an enticing target for hackers that may have malicious intentions. Encrypting the data prior to storage on the remote resource may help to prevent hackers from gaining access, however, the tools used to perform the encryption must also be protected. For example, when a user is responsible for encrypting data prior to storage on a remote resource, rootkits and other high-privilege attacks may be able to gain access to encryption keys stored on the device of the user. Moving responsibility for data encryption to the remote resource (e.g., cloud-based storage provider) does not alleviate this problem as the same type of attack may be used to access the encryption keys stored in the remote resources (e.g., on a server).
Although the following Detailed Description will proceed with reference being made to illustrative embodiments, many alternatives, modifications and variations thereof will be apparent to those skilled in the art.